fraud_reportswikiaorg-20200214-history
ED Pill Store
Description ED Pill Store previously was associated with the "Exquisite Replica" scam replica sites. Now it shares nameservers and IP addresses with penile enlargement brands linked to SanCash. Samples of the spam ED Pill Store spammers are famous for their inability to include in their spams the URL they want you to visit. About half the time they do manage to do it, and since they send massive bursts of similar spams, it's usually possible to see what they were trying to do with the ones that failed. From: "FreeViagra" Subject: Always be ready to perform in bed Tireed of peying ridic Sample site for analysis: fodrx.com Looking up the registrant details at http://www.dnsstuff.com/tools/whois.ch?ip=fodrx.com&email=on we find DNS Servers: NS1.CHAMBOGOS.COM NS2.CHAMBOGOS.COM Registrant Contact Name: paul gregoire Address: 175 Montreal Road 304 vanier, on K1L 6E4 CA Email Address: paulgregoire@coldmail.ca Phone Number: (613)255-2162 Spamhaus lists Paul Gregoire as a known alias for Alex Polyakov at http://www.spamhaus.org/rokso/evidence.lasso?rokso_id=ROK7159 Looking up the registrant details for the Name Servers for fodrx.com at http://www.dnsstuff.com/tools/whois.ch?ip=chambogos.com&email=on we find DNS Servers: NS1.DNSGOLDONE.COM NS2.DNSGOLDONE.COM Registrant 1649: Gregory William gregw@coldmail.ca 1808 Bowen road 109 Nanaimo British Columbia V9S 5W4 CA Spamhaus lists dnsgoldone.com as a domain registered by Alex Polyakov at http://www.spamhaus.org/rokso/evidence.lasso?rokso_id=ROK6934 Gregory William is another frequent alias for Alex Polyakov, and he has used the same Montreal Rd address: Domain Name: HOROSCOPEFORCAATS.COM Administrative Contact: Gregory William gregw@popaccount.com Protected Domains Inc. 175 Montreal Road 304 Vanier ON K1L 6E4 CA Phone: 1-613-482-5333 The building at that address is actually a Playmate strip club. In the March 2009 "Free Today" site setup, there is no secure ordering, only a prominent banner falsely claiming to have it: Looking at the address in the browser shows it is "http," not "https:" So every computer this order passes through on its way across the internet can record who is ordering these pills, what they're ordering, and what their credit card numbers are. How to Report this Spam The Complainterator is configured to report this spam to the registrars. It automates the process described here. Do a whois lookup on the domain name spamvertized, to discover the registrar of the web site. Email a complaint requesting that the illegal site be removed. Do a whois lookup on the domain names used by the name servers that resolve access to the web site. Again, discover the registrar(s) that are sponsoring the access to the web site. Email a complaint to the sponsoring registrar. Removal instructions To remove them as name servers, the Address records for ns1 and ns2 need to be changed to a non-routable address, such as 0.0.0.0 or a blackhole address within their own address space. The registrar then needs to set the status of each of these domains to * clientUpdateProhibited * clientDeleteProhibited * clientTransferProhibited * clientHold For evidence, you can simply provide this page's URL http://www.spamtrackers.eu/wiki/index.php?title=ED_Pill_Store Related spam operations Most closely related scam sites are the Herbal King clones Dr. Maxman, Max Gentleman, and Power Gain+. They share the exact same set of name servers, and are registered at the same time. See for example the most recent registrations at the spam tracking site for vayup.com. Sponsor Organization SanCash (in early 2008 known as "Etranzmu", the underground sponsor affiliate program related to Genbucks) was shut down by law enforcement agencies in the US, Australia and New Zealand in late 2008, but their brands soon reappeared in defiance of that. Obviously, there is a sponsor paying all those affiliates to spam for these sites. The successor to Sancash is the sponsor organization behind this type of site. They pay spammers to promote it, and they don't shut down illegal spammers. Category:Well-known Spam Category:Pharma spam